use-k3sup
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the arkade installer from get.arkade.dev via curl.
- [REMOTE_CODE_EXECUTION]: Executes the downloaded arkade installer script directly in bash, which is a common pattern for CLI tool installation.
- [COMMAND_EXECUTION]: Utilizes sudo for tool installation and provisioning tasks, and provides instructions for running processes in root shells to facilitate cluster configuration.
- [CREDENTIALS_UNSAFE]: Accesses local SSH private keys (e.g., ~/.ssh/id_ed25519) to facilitate authentication with remote nodes during cluster installation and management.
- [PROMPT_INJECTION]: The skill processes untrusted external configuration data which could lead to indirect prompt injection.
- Ingestion points: hosts.json, devices.json, and plan.yaml files mentioned in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present for the input files.
- Capability inventory: Includes bash command execution, curl for network requests, sudo for privilege escalation, and k3sup for remote host management.
- Sanitization: No sanitization or validation logic for the structure or content of the input JSON/YAML files is described.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.arkade.dev - DO NOT USE without thorough review
Audit Metadata